Commit adc00e46 authored by Jelle_S's avatar Jelle_S

CSRF protection added to menu links

parent 96958213
......@@ -9,20 +9,13 @@ function webform_multifile_menu() {
$items['node/%webform_menu/submission/%webform_menu_submission/multifile_delete/%/%'] = array(
'title' => 'Delete multifile upload',
'load arguments' => array(1),
'page callback' => 'webform_multifile_delete',
'page arguments' => array(1, 3, 5, 6),
'page callback' => 'drupal_get_form',
'page arguments' => array('webform_multifile_delete_form', 1, 3, 5, 6),
'access callback' => 'webform_submission_access',
'access arguments' => array(1, 3, 'edit'),
'type' => MENU_CALLBACK,
);
$items['webform_multifile_convert_data'] = array(
'title' => 'Convert old multifile field data',
'page callback' => 'webform_multifile_convert_62_data',
'access arguments' => array('edit all webform submissions'),
'type' => MENU_CALLBACK,
);
return $items;
}
......@@ -48,20 +41,45 @@ function webform_multifile_webform_component_info() {
/**
* Menu callback to delete a single file from a multifile upload.
*/
function webform_multifile_delete($webform, $submission, $component_id, $fid) {
function webform_multifile_delete_form($form, &$form_state, $webform, $submission, $component_id, $fid) {
if ($file = file_load($fid)) {
file_delete($file);
// Update the submission data and re-save it without the deleted fid.
$fids = unserialize($submission->data[$component_id]['value'][0]);
$key = array_search($fid, $fids);
unset($fids[$key]);
$submission->data[$component_id]['value'][0] = serialize($fids);
module_load_include('inc', 'webform', 'includes/webform.submissions');
webform_submission_update($webform, $submission);
$form['webform'] = array(
'#type' => 'value',
'#value' => $webform,
);
$form['submission'] = array(
'#type' => 'value',
'#value' => $submission,
);
$form['component_id'] = array(
'#type' => 'value',
'#value' => $component_id,
);
$form['fid'] = array(
'#type' => 'value',
'#value' => $file->fid,
);
return confirm_form($form, t('Are you sure you want to delete %file?', array('%file' => $file->filename)), 'node/' . $webform->nid . '/submission/' . $submission->sid . '/edit');
}
drupal_goto('node/' . $webform->nid . '/submission/' . $submission->sid . '/edit');
}
/**
* Form submit callback.
*/
function webform_multifile_delete_form_submit($form, &$form_state) {
$file = file_load($form_state['values']['fid']);
file_delete($file);
// Update the submission data and re-save it without the deleted fid.
$fids = unserialize($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
$key = array_search($file->fid, $fids);
unset($fids[$key]);
$form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = serialize($fids);
module_load_include('inc', 'webform', 'includes/webform.submissions');
webform_submission_update($form_state['values']['webform'], $form_state['values']['submission']);
$form_state['redirect'] = 'node/' . $form_state['values']['webform']->nid . '/submission/' . $form_state['values']['submission']->sid . '/edit';
}
/**
* Implements hook_file_download().
*/
......@@ -97,33 +115,3 @@ function webform_multifile_file_download($uri) {
// This is not a webform-controlled file.
return NULL;
}
/**
* Convert all old webform multifile data from the 6.2 multifile component in
* comment #1 on http://drupal.org/node/623692 to a 6.3 API component.
*
* This function WILL modify your data and there's no going back, so please
* ensure you have a db backup prior to running it.
*/
function webform_multifile_convert_62_data() {
$result = db_select('webform_component', 'wc')->fields('wc')->condition('type', 'multifile')->execute();
$count = 0;
while ($component = $result->fetchObject()) {
$result2 = db_select('webform_submitted_data', 'wsd')->fields('wsd')->condition('cid', $component->cid)->execute();
while ($submission = $result2->fetchObject()) {
$data = unserialize($submission->data);
// The old multifile used an object to store the data.
if (is_object($data[0])) {
$count++;
$fids = array();
foreach ($data as $file) {
$fids[] = $file->fid;
}
$data = serialize($fids);
db_update('webform_submitted_data')->fields(array('data' => $data))->condition('nid', $submission->nid)->condition('sid', $submission->sid)->condition('cid', $submission->cid)->execute();
}
}
}
return "Converted $count submissions";
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment